10 Ways to Prove Due Diligence in Food Safety (UK 2026)

What due diligence in food safety actually means

Due diligence in food safety is a legal concept, not a marketing phrase. Section 21 of the Food Safety Act 1990 creates a defence for anyone charged with a food safety offence. You must prove two things: that you took all reasonable precautions, and that you exercised all due diligence. Precautions are the systems you put in place. Diligence is the proof that those systems ran every single day.

The FSA's own guidance says courts will decide what counts as "reasonable" based on the size and nature of your business. A major supermarket chain faces higher expectations than a village café. But both need documented evidence. A verbal claim that "we always check the fridge" is not a defence. A timestamped log showing 288 daily readings from a calibrated sensor is.

The defence only works if you can show the evidence before you need it. Building your due diligence file after an incident is too late. Courts treat after-the-fact documentation with suspicion. Your records need to exist continuously, automatically, and independently of anyone remembering to fill in a form.

1. Replace manual temperature logs with continuous monitoring

A paper SC2 form captures two readings per day. That covers 0.7% of the 24-hour monitoring window. If a compressor fails at 2am and nobody checks until 8am, you have a six-hour gap with zero evidence. No court will accept "we didn't know" when a £29/month sensor could have told you in five minutes.

Automated temperature monitoring fires every five minutes, 24 hours a day. That gives you 288 readings per sensor per day. Each reading carries a timestamp, sensor ID, and calibration reference. The data feeds into an immutable log that nobody can edit after the fact.

This is the single highest-impact due diligence investment you can make. It costs less per month than one reinspection fee. It produces the evidence density that makes Section 21 credible. And it catches equipment faults before they spoil stock worth thousands.

2. Keep your HACCP plan current, reviewed, and site-specific

Every UK food business needs a HACCP-based food safety management system under Regulation (EC) No 852/2004. But having a plan is not enough. Your plan must be current. If you changed your menu six months ago and the HACCP plan still lists the old dishes, an EHO will notice. If your plan is a generic template you downloaded in 2020, that is even worse.

Review your HACCP plan every time something changes: new menu items, new suppliers, new equipment, new staff roles. Document each review with a date, reviewer name, and summary of what changed. That review trail is due diligence evidence in itself.

Site-specific means your plan describes your kitchen, your equipment, your processes. A multi-site chain needs a plan for each location, even if the base template is the same. Courts have rejected due diligence defences where the plan clearly did not match the actual operation.

3. Calibrate your thermometers and keep the certificates

A temperature reading is only as good as the instrument that took it. If your probe thermometer drifts by 2°C, a reading of 6°C could actually be 8°C. You are at the legal limit without knowing it. In court, the first question a defence solicitor asks is: "Was this instrument calibrated?"

Annual UKAS-traceable calibration costs £30 to £80 per instrument. The certificate proves your sensor was accurate on a specific date, within a stated tolerance. Store certificates alongside your temperature records so the link between reading and instrument accuracy is unbroken.

Between annual calibrations, run weekly checks against a known reference point. An ice slurry at 0°C is the simplest method. Log every check with a date, result, and the name of the person who performed it. This builds a continuous calibration trail that courts recognise as thorough due diligence.

4. Document every corrective action with five elements

When something goes wrong, what you do next determines whether you have a due diligence defence. Throwing away warm chicken is a response. It is not a documented corrective action. Courts want to see five things: the trigger (what happened), the impact (what food was affected), the action taken (what you did), the verification (how you confirmed the fix worked), and the prevention (what you changed to stop it happening again).

The excursion report format captures all five. When a sensor detects a breach, the system logs the trigger and impact automatically. Staff add the corrective action and verification. The prevention step closes the loop. Every element shares the same record ID so the full story is traceable from one document.

Missing any one of these five elements weakens your Section 21 defence. A stack of temperature logs showing a breach, with no record of what you did about it, actually works against you. It proves you knew about the problem and did nothing documented.

5. Verify your suppliers and keep the paperwork

Section 21 allows you to argue that the offence was someone else's fault, but only if you can prove you verified that supplier beforehand. That means keeping records of supplier approvals, audit reports, certificates (like BRCGS or SALSA), and delivery temperature checks.

Check delivery temperatures at every drop. Log the supplier name, product, batch or lot number, temperature reading, and the name of the person who checked. If the delivery arrives above 8°C for chilled goods, refuse it and document why. That refusal is due diligence evidence. Accepting a warm delivery and hoping for the best is the opposite.

Review your approved supplier list at least annually. Check that certificates are still valid. Ask for updated allergen declarations. If a supplier appears in an FSA recall alert, document your response: did you quarantine stock, contact the supplier, update your risk assessment? Each step builds the due diligence chain.

6. Train your staff and prove it with records

An untrained member of staff who contaminates food is your liability, not theirs. Courts expect food businesses to train every person who handles food, and to document that training with dates, topics covered, trainer names, and assessment results.

At minimum, every food handler needs Level 2 food hygiene training. Supervisors and managers who build or run your HACCP plan should hold HACCP Level 3. Renew training every three years. Keep certificates on file and accessible.

Beyond formal qualifications, document your induction process. When a new starter joins, record what they were taught about temperature checking, hand washing, allergen management, and cleaning schedules. A signed training acknowledgement form costs nothing and adds a concrete layer to your due diligence defence.

7. Keep your SFBB diary current and acknowledged daily

Safer Food Better Business is the FSA's simplified HACCP system for smaller food businesses. If you use SFBB, your diary must be filled in every day. Gaps in your SFBB diary are the fastest way to lose points on the "confidence in management" score during an EHO inspection.

Each diary entry should record opening checks, temperature readings, cleaning tasks, and any problems that occurred with the corrective actions taken. Automated SFBB diary systems fill in the sensor-generated data and prompt staff to acknowledge and add notes. That hybrid approach gives you both automated evidence and human verification.

An EHO flipping through three months of perfect, identical diary entries will be suspicious. Real kitchens have occasional issues. Documenting those issues honestly, with proper corrective actions, is stronger due diligence evidence than a suspiciously clean record.

8. Follow cleaning schedules and verify they worked

A cleaning schedule tells staff what to clean, when, and how. That is the precaution. Verification records prove the cleaning actually happened and was effective. That is the diligence. You need both.

For each cleaning task, log the date, time, who did it, what chemicals were used (with correct dilution rates), and the result. For food contact surfaces, consider periodic swab testing. ATP swabs give instant results and the log entries add scientific weight to your due diligence file.

Chemical storage and handling also matter. COSHH data sheets should be accessible for every cleaning product on site. Staff should know which chemicals are food-safe and which require rinsing. Storing bleach next to open food is a BRCGS non-conformity and a due diligence failure in one.

9. Maintain an active pest control programme with visit records

Pest contamination is a food safety offence under the Food Safety Act 1990. Your due diligence defence requires proof that you took reasonable precautions to prevent it. That means a pest control contract with a reputable provider, scheduled visits (typically monthly or quarterly), written reports after each visit, and documented follow-up actions for any findings.

Keep a pest control log on site. It should show visit dates, what the technician checked, any evidence of pest activity found, treatments applied, and recommendations. If the technician recommended sealing a gap under a door and you did not do it, that gap becomes evidence of negligence, not diligence.

Between professional visits, train staff to spot early signs: droppings, gnaw marks, unusual smells, damaged packaging. Log every sighting and the action taken. A proactive pest management approach, with documented evidence of both prevention and response, is exactly what Section 21 requires.

10. Build an inspection-ready evidence pack you can produce in 30 seconds

All nine methods above are useless if you cannot find the evidence when someone asks for it. An EHO arriving for an unannounced visit will not wait while you dig through filing cabinets, search email threads, and phone your manager to ask where the calibration certificates are.

Build a single evidence pack that contains: your current HACCP plan, the last 72 hours of temperature logs, your SFBB diary, recent corrective action records, calibration certificates, staff training records, supplier approval list, cleaning schedules with verification, and pest control reports. Store it digitally on a tablet at the front of house. Update it automatically where possible.

Rehearse the handover. Twice a week, have a supervisor pull up the pack and time how long it takes to find any specific document. Target: under 30 seconds. If it takes longer, reorganise. The EHO inspection checklist covers the exact documents officers check first.

That 30-second retrieval time is not just operational convenience. It is a direct signal of management confidence, the FHRS scoring element that separates a 3 from a 5. Our data analysis of confidence in management scores proves this is where most due diligence defences are won or lost.

Due diligence evidence comparison: manual vs automated

Here is how manual and automated approaches compare across the 10 due diligence methods.

Key takeaway: Manual methods can satisfy due diligence if done consistently. But automated methods produce stronger evidence with less effort. When a court asks whether you took "all reasonable precautions," the fact that automated systems were commercially available and affordable (£29/month) makes it harder to justify the manual alternative.

What happens when due diligence fails

Food safety prosecutions under the Food Safety Act 1990 carry unlimited fines in the magistrates' court (since the Legal Aid, Sentencing and Punishment of Offenders Act 2012 removed the cap). Crown Court cases can result in up to two years imprisonment. In practice, fines for food hygiene offences typically range from £1,000 to £50,000+, depending on the severity and the size of the business.

Beyond fines, a failed due diligence defence means: a criminal record for the business and potentially the individual manager, closure orders if the risk is imminent, negative publicity when the conviction is reported in local press, and a damaged FHRS rating that drives away customers.

The cost of prevention is almost always lower. Automated temperature monitoring costs £29/month. Annual calibration costs £30 to £80. Staff training costs £25 to £150 per person. A pest control contract runs £500 to £1,500 per year. Add it all up and you are spending less than one typical food safety fine to build a defence that prevents it entirely.